For the past few years, I've been fiddling with OpenDarwin's libFoundation in my spare time -- of which there is admittedly very little. For those new to the party, OpenDarwin's libFoundation project was an attempt to rewrite, refactor, and otherwise port the original libFoundation, as written by Ovidiu Predescu, Mircea Oancea, and Helge Hess, to Darwin. The end goals were simple. In order of importance:
The first goal was easily achieved, and surprisingly enough, I've been making some good progress on the second. With OpenDarwin's impending cessation of operation, I decided to set aside a week of my copious vacation time supplied by my generous employer to find OpenDarwin's libFoundation a new home, and tackle some difficult problems, including a Unicode-aware NSString. I'm pleased to say that the week was well spent, and the newly christened Objective-C Substrate was the end result.
18:08 Tue, 12 Sep 2006 PDT -0700
I'd like to announce the first release candidate of version 2.0 of my LDAP authentication plugin for OpenVPN.
This release is a vast improvement on the rudimentary 1.0 plugin -- new features include:
Nick Barkas and I released Splat 1.0 today, on behalf of the Three Rings Department of Public Works. If you need to synchronise information with an LDAP directory, Splat provides a great plugin interface. Included with the distribution are plugins to create home directories, write out SSH keys with command restrictions, and write out .forward files.
We use Splat here at Three Rings to distribute SSH keys to all of our servers, allowing us to further eradicate password authentication. Splat can apply filters based on LDAP groups, so we can, for instance, apply a subversion command= restriction only on the subversion server.
Next splat plugins I want to write:
- User deletion
- Interface to our RFID card access system
17:08 Wed, 26 Apr 2006 PDT -0700
Splat is a daemon designed to help keep information in an LDAP directory in sync with information outside of an LDAP directory. This information can be any set of attributes on any object in the LDAP directory.
Splat was originally written for the purpose of distributing SSH keys from LDAP in a way that did not require modifying the SSH daemon.
In the process, we designed a generic daemon capable of pulling nearly any information from LDAP and using it in any way you see fit. Synchronize your LDAP directory with a relational database, update an organizational chart, or build an X.509 certificate revocation list.
17:00 Wed, 26 Apr 2006 PDT -0700
I promised myself I would never post anything non-technical on this web log, but today I'm going to break that promise, just once.
I've asked Terri Kramer to marry me, and she said yes.
14:58 Sun, 05 Mar 2006 PST -0800
I'm pleased to announce that Bacula's File Daemon now has complete support for signing and encrypting data prior to sending it to the Storage Daemon, and decrypting said data upon receipt from the Storage Daemon.
The code has been committed to Bacula CVS; usage instructions follow.
10:49 Sun, 05 Mar 2006 PST -0800
Below is the final tally of EFF donations. A big thanks to all those that donated to the project! If you are not listed, but should be, send me an e-mail.
Update! Thanks to Roberto Moreda of Allenta Consulting for the final donation of $180, bringing the final tally to $3000!
Donor: Amount:
WingNET Internet $500
Timo Neuvonen $250
Ed Grether $25
Charles Reinehr $100
Michael Proto $25
Phil Cordier $100
Dan Langille $100
Tom Plancon $65
Felix Schwarz $60
ClarkConnect $500
Andrew Ford $25
INetU, Inc $1000
Jo at Winfix.it $70
Allenta Consulting $180
Goal: $3000 Total: $3,000
13:44 Sat, 28 Jan 2006 PST -0800
A few months ago, I read Dan Kaminsky's presentation slides, Attacking Distributed Systems: The DNS Case Study. In the presentation, Kaminsky documents a method of implementing single bit data transfer with nothing more than:
After a particularly stressful week, I decided I needed to work on something fun -- an implementation of a DNS-based dead drop messaging system, utilizing Kaminsky's ideas.